Merge "Cache policy enforcer"

2017-07-05 15:19:42 +00:00 · 2017-07-05 15:19:42 +00:00 · 54a328c34e
parent da685482bd 71c72340f5
commit 54a328c34e
2 changed files with 10 additions and 1 deletions
--- a/heat/common/context.py
+++ b/heat/common/context.py
@ -114,7 +114,7 @@ class RequestContext(context.RequestContext):
            **config.get_ssl_options('keystone'))
        self.trust_id = trust_id
        self.trustor_user_id = trustor_user_id
-        self.policy = policy.Enforcer()
+        self.policy = policy.get_enforcer()
        self._auth_plugin = auth_plugin
        self._trusts_auth_plugin = trusts_auth_plugin

--- a/heat/common/policy.py
+++ b/heat/common/policy.py
@ -31,6 +31,8 @@ LOG = logging.getLogger(__name__)
 DEFAULT_RULES = policy.Rules.from_dict({'default': '!'})
 DEFAULT_RESOURCE_RULES = policy.Rules.from_dict({'default': '@'})

+ENFORCER = None
+

 class Enforcer(object):
    """Responsible for loading and enforcing rules."""
@ -88,6 +90,13 @@ class Enforcer(object):
        return self._check(context, 'context_is_admin', target={}, exc=None)


+def get_enforcer():
+    global ENFORCER
+    if ENFORCER is None:
+        ENFORCER = Enforcer()
+    return ENFORCER
+
+
 class ResourceEnforcer(Enforcer):
    def __init__(self, default_rule=DEFAULT_RESOURCE_RULES['default'],
                 **kwargs):